[messaging] Audible public-key fingerprints

Mike Hearn mike at plan99.net
Sun Aug 17 09:52:21 PDT 2014

> The user-comprehensibility of one device singing a key to another device
> is somewhat compelling.

I'd say it's maybe the opposite - if you're exposing the notion of a key
you already lost the user comprehension war. The nice thing about BT is it
can be completely passive. Did you have a nice conversation with some
stranger this afternoon? No worries, this evening you can send them an
encrypted message: your phone already has their first name + photo in the
"recent encounters" screen and you can just go ahead and start chatting.

Yes, that's susceptible to targeted MITM attacks if the user you're trying
to communicate with doesn't actually use the app (otherwise you'd get two
entries for the same person), but you can double check that just by asking
them if they're on the platform when actually meeting.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140817/db7b112f/attachment.html>

More information about the Messaging mailing list